Common server troubleshooting steps for Information Centric Tagging
search cancel

Common server troubleshooting steps for Information Centric Tagging

book

Article ID: 172854

calendar_today

Updated On:

Products

Information Centric Security

Issue/Introduction

Uses wants to know common server troubleshooting steps for Information Centric Tagging (ICT).

Resolution

  • ICT Administration / Server troubleshooting
    • Check ICT correct operation
      • Ensure ICT databases are in place and the SQL server is accessible: SQL Management Studio
      • Ensure that you have the correct SQL Server instance and ICT configuration database configured in the web.config
      • ICT site and service errors are placed into a log file under the User profile running the application pool (AD-RMS service account)
        • Ensure error logging is on by changing Web.Config keys “DebugMode” to “1”
        • Use a tool to get more logging information
        • Check: %USERPROFILE%\AppData\Local\Temp\rightswatch.log file for further details
      • Check ICT services correct operation
        • Using Internet Explorer locally (running under the identity of a configured user) invoke the ICT server web-service to test it:
      • Check Integrated authentication options are configured correctly

 

  • Mobile operations (make sure the Debug Mode is set to 1 in the web.config; logs in the debug view needs this option)

    • When sending an email
      • First uses the Mlsservice webservice (C:\inetpub\wwwroot\ICT\webservice) to get the configurations in the phone
      • Then, uses the ICT Mobile Mail Service (C:\inetpub\wwwroot\ICT\RightsWATCH-bb-webservice), usually in the ICTserver
        • This one will call the mlsservice webservice again to store the configurations in the user profile
      • Using debug View, is it starting the csDispatcher service?
        • If yes, Is it calling the RWimpersonation client?
        • Any error when contacting the EWS (Exchange web services)?
      • Get the logs of the impersonation client according to the location in the next section and analyse them
        • Getting the configuration while accessing the MLSService (http 200)?
        • More than 10seconds to do the getConfigVersioned, “Error on initRmsEnvironment!”, “THE SIGNATURE COULD NOT BE VERIFIED!” or “Plugin is not licensed!”, please verify the connection to the database
          • Also you can try to force the download of the configuration file by deleting the mls-config.xml under the %userprofile%/appdata/roaming/Watchful Software/RightsWATCH
          • Can also be related to wrong mls-key.bin under c:\inetpub\wwwroot\ICT\RightsWATCH-bb-webservice\rightswatch
        • Getting a http 401?
          • Verify if the webservice in the registry (HKLM/Software/Watchful Software/RightsWATCH and HKLM/Software/Wow6432Node/Watchful Software/RightsWATCH) is correctly configured – using the machine name.
          • Run an impersonated user IE window and try to access the URL/mlsservice.asmx (should not be prompted for credentials)
        • Not able to do the Init DRM Environment
          • RMS client 2.x installed in the server?
          • Verify Here
    • When Replying / Forwarding an email
      • Then, uses the ICT Mobile Mail Service (C:\inetpub\wwwroot\RightsWATCH\RightsWATCH-bb-webservice), usually in the ICT server
        • This one will call the mlsservice webservice again to store the configurations in the user profile
      • Using debug View, is it starting the csDispatcher service?
        • If yes, Is it calling the RWimpersonation client?
        • Any error when contacting the EWS (Exchange web services)?
      • Get the logs of the impersonation client according to the location in the next section and analyse them
        • Getting the configuration while accessing the MLSService (http 200)?
        • More than 10seconds to do the getConfigVersioned, “Error on initRmsEnvironment!”, “THE SIGNATURE COULD NOT BE VERIFIED!” or “Plugin is not licensed!”, please verify the connection to the database
          • Also you can try to force the download of the configuration file by deleting the mls-config.xml under the %userprofile%/appdata/roaming/Watchful Software/RightsWATCH
          • Can also be related to wrong mls-key.bin under c:\inetpub\wwwroot\RightsWATCH\RightsWATCH-bb-webservice\rightswatch
        • Getting a http 401?
          • Verify if the webservice in the registry (HKLM/Software/Watchful Software/RightsWATCH and HKLM/Software/Wow6432Node/Watchful Software/RightsWATCH) is correctly configured – using the machine name.
          • Run an impersonated user IE window and try to access the URL/mlsservice.asmx (should not be prompted for credentials)
        • Not able to do the Init DRM Environment
          • RMS client 2.x installed in the server?
          • Verify Here
    • When Getting the headers of an email while reading
      • Uses the ICT Mobile Mail Service (C:\inetpub\wwwroot\RightsWATCH\RightsWATCH-bb-webservice), usually in the ICT server
        • This one will call the mlsservice webservice again to store the configurations in the user profile
      • Using debug View, is it starting the csDispatcher service?
        • If yes, Is it calling the RWimpersonation client?
        • Any error when contacting the EWS (Exchange web services)?
      • Get the logs of the impersonation client according to the location in the next section and analyse them
        • Getting the configuration while accessing the MLSService (http 200)?
        • More than 10seconds to do the getConfigVersioned, “Error on initRmsEnvironment!”, “THE SIGNATURE COULD NOT BE VERIFIED!” or “Plugin is not licensed!”, please verify the connection to the database
          • Also you can try to force the download of the configuration file by deleting the mls-config.xml under the %userprofile%/appdata/roaming/Watchful Software/RightsWATCH
        • Getting a http 401?
          • Verify if the webservice in the registry (HKLM/Software/Watchful Software/RightsWATCH and HKLM/Software/Wow6432Node/Watchful Software/RightsWATCH) is correctly configured – using the machine name.
          • Run an impersonated user IE window and try to access the URL/mlsservice.asmx (should not be prompted for credentials)
    • When Getting the body of the email while reading and opening protected documents (word, excel, Power Point and pdf)
      • Uses the ICT Mobile Service (C:\inetpub\wwwroot\ICT\mobile-service), usually in the AD RMS server
      • Correct authentication method configured - windows authentication
      • Using debug View
        • is it starting the RWMobileService?
        • Was RAC aquired?
        • Correct date in the RAC? No significant difference in the time?
        • Db_datareader permissions granted in the AD RMS database?
        • RMS Mode 2 enabled? If yes you will see an error related to the cryptographic mode in use. For Mode 2, ICT needs the AD RMS MDE in place.
        • Mobile service correctly configured in the Administration console?
Powered by Wolken Software